A question, as I don't know how your AD is set up...
Would it be possible for you to save the user's local data, if any, and completely re-create that user on the PC?
That might be easier than finding a UAC / AD authorization issue.